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Important matters outside the 
scope of this presentation 



Privacy as a specific concern 

The "opt-in" or "opt-out" discussion 

NEHTA's corporate status 

Emergencies 

Informed consent, consumer education 

Governance- retrofitted and incomplete 

Absolution of government jurisdictions and their agents 

Schedule of actual deliverable and benchmarks 

Document viewing service 

IP - copyright or moral rights 

Support for e-health enabled patient care 



What is the PCEHR system? 

1 . PCEHR= the Personally Controlled Electronic Health 
Record national system 

2. Ostensibly a secure, electronic record of patient 
medical history 

3. Stored and shared in a network of connected systems 

(http://www.nehta.gov.au/ehealth-implementation/what-is-a-pcehr) 



Diagrammatic overview 
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PCEHR Concept of Operations, Sept 2011 : http://www.nehta.gov.au/ 



The PCEHR & The Emperor's New 

ClOtheS (Hans Christian Andersen) 




Security & patient care 

1. Familiar 3 pillars of data-CIA 

2. Same as required for good consultation techniques 




CONFIDENTIALITY 



AVAILABILITY 
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PCEHR system rea 


lities 


Just because one pillar is secure, 


it doesn't 


mean the others are. 




Why? 






1. 


Human factors 




2. 


Practice organisations 




3. 


Standards and specs 




4. 


The security terrain is always moving 





Human factors (1 of 2): Clinicians 



"queues" so "sometimes we don't bother to 


"interrupt the diagnostic process" 


update the medical record' 






"they will ring me and 1 will tell them 


Paper useful "when the IT system 


the password' 


is down" 






"In the end the /health information] 




system works on trust, whatever bits and 




pieces you've got in the place. " 


"shut the bastard down /security 




system/ for it's ...erm ... ethics" 


"I'm doing 5 things at once & I'm the only 




person there " 


"literally red with rage" 


Many clinicians- "simply given up" 



Human factors (2 of 2): Patients 



' / don 't understand computers . . 



"I've never used a computer before . . 
my children are showing me how ...' 



" ... supporting clinical information for an 
entire cancer are team was available in 
clear text .../cached by a search engine)" 

" I don't have one ..." 

' I'm not computer savvy. . . " 



"I was very upset. This is the equivalent of 
finding all the medical records dumped for 
anyone to find them ..." 

"... because I cannot spell, and I do not 
understand the spellcheck function sorry [sic] ..." 

"I don't trust it ..." [the Internet] 

"We were never given a password or website to 
access so there is no reason for this information to 
be online - it is not like we could log on and check it 
ourselves. " 

" I don 't use computers ..." 



System reality #1 

-Clinicians are busy and time-poor, security is not their work 
priority 

-Many patients do not know how to secure e-health information 

- The PCEHR system assumes an equal level of e-health security 
competence and understanding is shared by all Australians, 
when reality clearly demonstrates otherwise 



Practice organizations 



PBS and MBS information CO-IOCated in database {Hansard, Inquiry into Personally Controlled e -Health Records Bill 2011) 
Prescription data Stored On pharmacy Computers fail ANAO audit [Bret<ingham-Moore,C. .Medical Observer, June 4 201 

OLD health unsustainable : Tony O'Connell {courier Man. no« 12011) 

ACCeSS COntrol- paSSWOrdS, Clear teXt (patient reports & Fernando, J;MJA 196:7) 

2 year amnesty period : accidental breaches - penalties, jail terms imsia 

Pause primary care desktops at Lead sites; software incompatibilities; specs not fit for purpose. 1 

NO liability for government agentS {Hansard, Personally Controlled Electronic Health Records (Consequential Amendments) Bill 2011, Personal!. 

" / have no idea how it happened..." [e-health security breach] 



System reality #2 

When government instruments fail security tests either no 
action is taken or security rules are weakened. 
Current security trials for the PCEHR have occurred during an 
amnesty. No end user can learn from this experience or has 
access to the evidence. 

From July 2012 national PCEHR implementations may see 
clinicians facing medico-legal consequences in real life, 
including jail. 

So many factors, often low level or only partially relevant, will 
combine to threaten a national PCEHR system. 
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Standards and specs 1/2 








Medibank database leveraged for IHI numbers inehta: Draft concept of operations, March 20m 


Data-IA 




NEHTA's SAF - use of existing patient numbers as IHI unreliable t/mnAWaat.msmiamixaiiiiftcaufimmmik 


Data-IA 


Urgent review of vendor portal, many unresolved issues (msia *m 101 » mi ehrbbi and consequential 


Data-CIA 


Bolt - On, paraSitiC SOftWare : buffer OVerflOWS (Dr McCauley S Dr Patricia Williams in Dearne, K.The Australian, February 05, 2012) 


Data-CIA 


Centrally managed data-base linked to indexed system of federated data-bases ipcehr concept of operations 


Data-CIA 















Standards and specs 2/2 



- 1S-S-L- 


Data-CIA 


Failure tO take adviCe (Ongoing, submissions and evidence to Senate Inquiries) 


Data-CIA 


Immature Clinical terminology {More, D. Australian HIT blog: http://hl7-watch.blogspot.conV) 


Data-IA 


First 6 of 10 digits of the unique PCEHR website system logon to Australian 
Health Practitioner Regulation Agency common to all registered clinicians ( 


Data-CIA 


Internet-based training for clinicians and consumer: released May 10 2012 ie- 


Data-CIA 




People with limited or no access to or use of computers 


Data-CIA 



Yet the system is inexorably moving on to meet a July 1 deadline. 



System reality #3 

The PCEHR system standards and specs are a 

moral-minefield of security threat. 

Expert advice doesn't seem to be heeded or 

incorporated into risk mitigation strategies. 

Stop rushing to arbitrary deadlines, get it right 

first. 



The security terrain is always moving 

No fixed gateway perimeter to protect 

Cloud computing- Google, Microsoft and other Cloud Services down for hours 

Smart Phones - designed for point to point communication not a replacement computer system 

Tablets - designed for point to point communication not a replacement computer system 

Software for smart phones and tablets - personal and professional use combined (clinicians and many 
other Australians) 



Unintended risks w 



}t yet foresee 



System reality #4 

Many systems that will be used in a PCEHR 
context are simply not up to the job now! 
What is secure today will not be secure 
tomorrow. 

We cannot future-proof security but we can 
address the risks we know of now. 



The security-aware tailor's task 

The fabric of the PCEHR system - be like the child in the story of the 
Emperor's New Clothes 

The fundamental tenets of system security are the same as those required for 
error-free patient care. It isn't too late yet. 

Point out problems and fixes : 

1. Human factors 

2. Practice organisations 

3. Standards and specifications 

4. The fluid security terrain 

Help tailor a system security fabric that will work for all Australians. 
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Thank vou 



Questions? 



Monash University 

Australia 

Malaysia 

South Africa 

Italy 

India 




Dedicated to 

protecting 

privacy rights 



A u s. t r a i i 
Privacy 

Fou nd atio 



